From the response:
Much of the criticism of C++ is based on code that is written in older styles, or even in C, that do not use the modern facilities aimed to increase type-and-resource safety. Also, the C++ ecosystem offers a large number of static analysis tools, memory use analysers, test frameworks and other sanity tools.
I often hear comments like this from proponents of modern C++, comments that imply that anachronistic C++ is to blame for CVEs written in it. However, it can be tricky even in "modern" C++ to avoid causing use-after-free errors and memory corruption. The first example is this post, discussing something that was assumed to be a GCC bug that actually just shows how unintuitive lambdas and coroutines can be when mixed together:
https://news.ycombinator.com/item?id=33084431
And these are two memory safety errors (in Chromium and Edge, respectively) that are written in what looks to be modern C++:
https://bugs.chromium.org/p/chromium/issues/detail?id=102715...
https://microsoftedge.github.io/edgevr/posts/memory-corrupti...